Cross site scripting

2021-05-0503:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

50.8%

JSON

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload.

CPENameOperatorVersion
serv-u_ftp_servereq15.1
serv-u_mft_servereq15.1

CPE	Name	Operator	Version
	serv-u_ftp_server	eq	15.1
	serv-u_mft_server	eq	15.1

References

github.com/matrix

support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-Hotfix-3?language=en_US

twitter.com/gm4tr1x

www.linkedin.com/in/gabrielegristina

0.001 Low

EPSS

Percentile

50.8%

JSON

Related for PRION:CVE-2020-22428